fix(django): Upgrade to 6.0 by kiblik · Pull Request #13842 · DefectDojo/django-DefectDojo
…42.66.11 (.github/workflows/renovate.yaml) (DefectDojo#13987) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…/package.json) (DefectDojo#13957) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Increasing timeouts for unit tests * fix timeouts --------- Co-authored-by: Valentijn Scholten <valentijnscholten@gmail.com>
* 🎉 Implement pingcastle vulnerability parser * update * update severity calculation * fix * Update unittests/tools/test_pingcastle_parser.py Co-authored-by: valentijnscholten <valentijnscholten@gmail.com> * Update dojo/tools/pingcastle/parser.py Co-authored-by: valentijnscholten <valentijnscholten@gmail.com> * Update dojo/tools/pingcastle/parser.py Co-authored-by: valentijnscholten <valentijnscholten@gmail.com> * fix * Update docs/content/supported_tools/parsers/file/pingcastle.md --------- Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
…efectDojo#13964) Fix incorrect endpoint parsing when endpoints lack a protocol (scheme). When endpoints are converted to strings without a protocol, hyperlink.parse() misinterprets the hostname as the scheme, causing deduplication to fail. This fix normalizes endpoint strings by prepending '//' if '://' is missing, replicating the behavior from dojo/endpoint/utils.py line 265. Fixes DefectDojo#10215
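The scheme-less endpoint misparse described in the commit message above, as an added example that is not DefectDojo's code. It uses the standard library's urllib.parse.urlsplit as a stand-in for hyperlink.parse(), since urlsplit also takes the hostname for the scheme on this input; parse_endpoint, dedup_key and the sample endpoints are hypothetical.

```python
from urllib.parse import urlsplit


def parse_endpoint(text: str, normalize: bool = True) -> dict:
    """Split an endpoint string into the parts a dedup key is built from."""
    # Normalization as described in the commit message: without '://' there
    # is no scheme, so prepend '//' to mark what follows as host[:port].
    if normalize and "://" not in text:
        text = "//" + text
    parts = urlsplit(text)
    return {
        "scheme": parts.scheme or None,
        "host": parts.hostname,
        "port": parts.port,
        "path": parts.path or None,
    }


def dedup_key(endpoint: dict) -> tuple:
    """Hypothetical dedup key: host, port and path (scheme ignored)."""
    return (endpoint["host"], endpoint["port"], endpoint["path"])


# Constructed sample data: the same endpoint, once stored with a scheme and
# once re-imported as a string without one.
STORED = "https://app.example.test:8443/login"
REIMPORTED = "app.example.test:8443/login"


def compare() -> dict:
    """Show whether the re-imported endpoint matches the stored one."""
    stored = dedup_key(parse_endpoint(STORED))
    raw = parse_endpoint(REIMPORTED, normalize=False)
    fixed = parse_endpoint(REIMPORTED, normalize=True)
    return {
        "raw": raw,                      # hostname lands in 'scheme'
        "fixed": fixed,                  # hostname and port recovered
        "raw_matches": dedup_key(raw) == stored,
        "fixed_matches": dedup_key(fixed) == stored,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```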
…efectDojo#13967) - Add exception handling around CPE parsing in TenableCSVParser - Log unsupported CPE versions at DEBUG level instead of crashing - Allows import to continue when encountering unsupported CPE formats - Fixes issue DefectDojo#11243
…fectDojo#13968) Fixes DefectDojo#11314 When copying a FileUpload, the copy() method appends ' - clone-{hash}' (17 characters) to the title without checking if it would exceed the database max_length constraint of 100 characters. This causes a DataError when copying tests with files that have long names. The fix truncates the original title before appending the clone suffix to ensure the total length never exceeds 100 characters.
…ser (DefectDojo#13973) * Fix Tenable CSV import fails with 'Version of CPE not implemented' - Add exception handling around CPE parsing in TenableCSVParser - Log unsupported CPE versions at DEBUG level instead of crashing - Allows import to continue when encountering unsupported CPE formats - Fixes issue DefectDojo#11243 * Fix: Populate vulnerability_id field in BlackDuck Binary Analysis parser - Add unsaved_vulnerability_ids assignment when CVE is present - This ensures the vulnerability_id field is populated for de-duplication - Fixes DefectDojo#12442 * Test: Add assertions for vulnerability_id field in BlackDuck Binary Analysis parser tests - Verify unsaved_vulnerability_ids is populated with CVE value - Add specific assertion for single vuln test case - Add general assertion for multiple vulns test case - Related to DefectDojo#12442
DefectDojo release bot and others added 19 commits
February 3, 2026 00:14…x/2.55.0-2.56.0-dev Release: Merge back 2.55.0 into bugfix from: master-into-bugfix/2.55.0-2.56.0-dev
…ocker-compose.yml) (DefectDojo#14223) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…43 (.github/workflows/renovate.yaml) (DefectDojo#14222) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* update robots.txt for indexing * add audience content to algolia indexing * add cache refresh for release notes version
Bumps [django](https://github.com/django/django) from 5.2.9 to 5.2.11. - [Commits](django/django@5.2.9...5.2.11) --- updated-dependencies: - dependency-name: django dependency-version: 5.2.11 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) * Set last reviewed date and reviewer for finding Update finding's last reviewed date and reviewer to maintain parity with UI behaviors * Apply suggestion from @Maffooch * Set last reviewed date and author for finding Update finding with last reviewed date and author. * Apply suggestions from code review * Apply suggestion from @Maffooch --------- Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
…ojo#14242) Hardened build_count_subquery to explicitly clear ordering and order by group_field before slicing. This prevents Django from adding implicit ORDER BY <pk> which causes GROUP BY to collapse counts to 1. Also updated prefetch_for_product_type to use the hardened helper instead of a local Subquery with the same vulnerability. Added unit tests to verify the fixes work correctly. Co-authored-by: Paul Osinski <42211303+paulOsinski@users.noreply.github.com>
…3.11 to v (dockerfile.integration-tests-debian) (DefectDojo#14233) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>